Average CGRC (Certified in Governance, Risk and Compliance) salary

Greg Belding
May 11, 2022 by
Greg Belding

Professionals earn certifications for many reasons — to certify knowledge and skills, help with career advancement and better pay. For those working in security risk management and the Risk Management Framework (RMF), a certification that will help is the Certified Authorization Professional or CAP. This certification is offered by ISC2, and it verifies that the cert holder has the knowledge and skill to implement, authorize and maintain information systems for their organization.

Earn your CGRC, guaranteed!

Earn your CGRC, guaranteed!

Enroll in a CGRC (formerly CAP) Boot Camp and earn one of the industry's most respected certifications — guaranteed.

What is the CAP certification?

CAP is a risk management certification intended for professionals working within various RMFs related to security risk management. This certification verifies that you fully understand Governance, Risk and Compliance (GRC). It also certifies that you can authorize and maintain an organization’s information systems using RMFs and that you have a mastery over the best practices, procedures and policies of security risk management. This certification is both well-known and of high renown.

Average CAP salary 

Let’s face it, we all know why you are reading this article. Instead of hiding the ball from you, similar to how parents hide their Christmas presents from their children leading up to the holidays, I’m going to give it right to you. The average salary for professionals that have earned a CAP certification is $124,610. The average CAP salary has nearly doubled since earlier estimates, which may be because the certification is still relatively new (being first introduced in 2015). It has taken several years to get the most accurate average salary picture for this advanced certification.

CAP prerequisites

If this average salary makes you want to earn this certification for yourself, you may be asking about the prerequisites for earning the certification. The prerequisite you will have to earn to become fully CAP certified is that you will have to have two cumulative, paid years of experience working in at least one of the seven domains of knowledge that the CAP common body of knowledge (CBK) covers. 

CAP exam information

Aside from the prerequisite above, you will also have to pass the CAP certification exam to earn the CAP certification. This exam covers seven domains of knowledge, which are:

  • Information Security Risk Management Program
  • Scope of the Information System
  • Selection and Approval of Security and Privacy Controls
  • Implementation of Security and Privacy Controls
  • Assessment/Audit of Security and Privacy Controls
  • Authorization/Approval of Information System
  • Continuous Monitoring

This exam format is multiple-choice, and certification candidates will have to answer 125 questions and be given a maximum of three hours to complete the exam. The certification exam is given at a Pearson VUE testing center of your choice. In most cases, you will walk out of the testing center with your unofficial exam results. ISC2 will mail you your official exam results several weeks after taking your CAP exam.

Job titles looking for CAP certification holders

While the CAP certification is narrowly tailored to security risk management, many job titles look for CAP cert holders. Below is a list of job titles looking for CAP certified candidates:

  • Information Risk Manager
  • IT Risk Manager
  • Information Security Risk Manager
  • Security Risk Analyst
  • Information Security Director
  • Cyber Security Analyst
  • Information Assurance Analyst
  • Systems Engineer Support Analyst
  • Senior IT Engineer

The benefits of being a CAP cert holder

Those that have earned the CAP certification did not go through the time and effort it takes to earn the certification for their health. Rather, there is a list of benefits that CAP certification holders will be able to take advantage of when they couple this certification with an assertive approach to their career. The benefits that you will have as a CAP certification holder are:

  • Significantly higher pay than that of a risk management professional that doesn’t have the certification
  • Enhanced career recognition based upon the advanced level of knowledge and skill that the CAP certification verifies
  • More doors will open for you with hiring organizations, as they fully understand the value and expertise that hiring a CAP certified professional will bring to their organization
  • You can take advantage of the CAP certification not just in the United States but rather worldwide as organizations all over the world are seeking CAP professionals
  • Being a CAP certification holder means that you comply with two of the levels of DoD 8570 compliance — specifically, IAM Level I and Level II. This means your career path can now extend into the realm of the DoD and various defense-related industries and contractors
  • Various ISC2 related benefits, such as discounts of training sessions to help you pursue other certifications

Earn your CGRC, guaranteed!

Earn your CGRC, guaranteed!

Enroll in a CGRC (formerly CAP) Boot Camp and earn one of the industry's most respected certifications — guaranteed.

Salary to expect with a CAP

Security Risk Management professionals and those working within RMFs will be able to reap a host of benefits from being a CAP certification holder. If you have earned your CAP cert, you can expect to earn an average of $124,610. When you combine this solid average salary with the other benefits listed above, you may want to consider earning this certification if you are a Security Risk Management professional.

For more information on the CGRC certification (formerly CAP), check out our CGRC certification hub.


Greg Belding
Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.